About

From its office in Clayton, Missouri, Danna McKitrick, P.C., delivers legal representation to new and growing businesses, financial institutions, non-profit and government-related entities, business owners, individuals, and families throughout the greater St. Louis region and the Midwest.

Danna McKitrick attorneys practice across many areas of law, both industry- and service-oriented.

Cyber criminals hack businesses for a myriad of reasons: to rob bank accounts by hacking email accounts and intercepting wire transfers; to file fraudulent tax returns using stolen customer or employee personal data; to commit health insurance or Medicare fraud; to steal intellectual property; to destroy property; and to deny service. Websites are also hacked as a means of attacking other businesses.

Cyber hackers include your employees, identity thieves, contractors and vendors, business competitors, terrorists, state-sponsored actors and others. The success of your business and its very existence could be placed in jeopardy because of unauthorized business account access, loss of ability to execute transactions, regulatory, reputational and litigation costs, and significant remedial costs.

Focusing on the litigation ramifications, let’s use the following fictional ABC Co. case study to understand the various laws involved.

A cyber incident will happen to your company. It is not a matter of if, but when. Small businesses make an appealing target because hackers know they don’t spend as much on security as larger businesses and are not as careful.

According to a Towergate Insurance study, 82 percent of small business owners claim that they are not targets for attack because there is nothing worth stealing. However, employee personal data and health information and customer data are always worth stealing. Symantec reports that 43 percent of cyber-attacks worldwide in 2016 were against small businesses with fewer than 250 workers. In fact, cyber crooks try to rob bank accounts via wire transfers, steal customers’ personal identity information, file fraudulent tax returns, commit Medicare fraud, etc.

IBM estimates that nearly two-thirds of all cyber-attacks hit small to mid-sized businesses. More disturbing, the U.S. National Cyber Security Alliance estimates that about 60 percent of those hit are forced to close six months after an attack. A 2016 Ponemon Institute Breach Report advises that the average price a small business has to pay after a cyber attack is about $690,000.

One in 14 users is tricked into following a link or opening an attachment, with 25 percent of the users making the same mistake twice.

It’s all about the money: Perpetrators of data breaches steal and exploit sensitive data for financial gain. They are opportunistic, using phishing to poke for weak points to use as entry points. Phishing, the most common tool, involves collecting sensitive information like login credentials and credit card information through legitimate-looking but fraudulent websites. Ninety-five percent of phishing attacks led to a breach that was followed by the installation of some sort of malicious software (malware).

Small to mid-sized businesses can take preventive steps to minimize damage. Here are 20 tactics to employ to protect your data.

Our ever-evolving technological society is raising new questions about how to reconcile complex health data protection laws with cloud storage. Storage of data in the “cloud” allows users to store, maintain, and manage data remotely on the internet. Its advantages include accessibility of the cloud-stored data from any location via the internet, emergency back-up capacity, and even cost savings. An online search for HIPAA-compliant cloud storage companies reveals that there is no shortage of companies that advertise their “HIPAA-compliant cloud services.” It is important to remember that working with a company that claims its cloud storage “is HIPAA compliant” does not excuse you from meeting HIPAA requirements. Due diligence is required when selecting such a company and entering into appropriate contractual arrangements with it.

The Department of Health and Human Services’ Office for Civil Rights (“OCR”) is responsible for overseeing protection of sensitive health data under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). OCR issued guidance on October 6, 2016, explaining how to safeguard electronic health information protected by HIPAA in today’s widespread cloud networking environment.

HIPAA applies to “covered entities,” and this article will focus on one such covered entity, the health care provider. Most health care providers do not perform all of their health care functions by themselves and instead often use a range of services offered by others, called “business associates” under HIPAA. Health care providers are permitted to disclose protected health information (“PHI”) to these business associates (“BA”) as long as they obtain satisfactory assurances that the BA will use the information only for the purposes for which it was engaged by the health care provider, will safeguard the information from misuse, and will help the health care provider comply with some of the health care provider’s duties under HIPAA, through the execution of business associate agreements.

Many companies share a common perception that all jobs involving computers are complex, require exceptional expertise and are therefore exempt from the requirement of overtime pay under the Fair Labor Standards Act. Legally, this is not true. As a preventive measure, companies should audit their workforce to make sure that their information technology workers are properly classified. Failure to do so could cost companies their exemption from paying overtime for all misclassified employees and expose them to payment of two to three years of back pay and the payment of double damages.

Three exemptions may be available to avoid overtime pay for information technology jobs: (1) the computer-related exemption under 29 CFR Section 541.400; (2) the administrative exemption under 29 CFR Section 541.200; and (3) the executive exemption under 29 CFR Section 641.100. This article will focus only on the computer-related exemption.

The success of a company in the technology sector is largely dependent upon its intellectual property, which, in turn, is derived from investment in human capital. It is the company’s employees (as used herein, the term “employee” will include independent contractors and contract employees) who develop software, invent new products or techniques, and generate other types of trade secrets and confidential information. Today, because employees are more mobile than ever, it is extremely important that businesses take precautions to keep their intellectual property from being utilized by an employee who goes to work for a competitor.

Patent and copyright law provide an entrepreneur some rights in relation to employees involved in developing patented or copyrighted material. Additionally, an entrepreneur has some common law rights in its trade secrets and confidential information. However, in order for a business to fully protect its interests in intellectual property developed and utilized by it, it is important to implement written agreements that specifically address the rights of the business and its employees relative to such inventions and information.